RE: negotiating Packet Number Protection
Gabriel Montenegro <Gabriel.Montenegro@microsoft.com> Mon, 10 September 2018 22:01 UTC
Return-Path: <Gabriel.Montenegro@microsoft.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 411BB130FB7 for <quic@ietfa.amsl.com>; Mon, 10 Sep 2018 15:01:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.111
X-Spam-Level: *
X-Spam-Status: No, score=1.111 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, T_KAM_HTML_FONT_INVALID=0.01, URI_HEX=1.122] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dSe36yXHxG3H for <quic@ietfa.amsl.com>; Mon, 10 Sep 2018 15:01:38 -0700 (PDT)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0114.outbound.protection.outlook.com [104.47.42.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E127130FB2 for <quic@ietf.org>; Mon, 10 Sep 2018 15:01:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Yvnkz2b9PqOQs2ykXx+of4/IeyX0HhIAeHH262nVHJ4=; b=AmFSdLZnR9v7+KYb0lbuxtUq+++/+yIvrJEfQ40cv3XGQVaJH4zKNWTwEh+v8e2CPYXJHtpO2de8xGpaeOrxDDf0z0QxXoYCCagW6ni8MxDglV3pGZAcvaOfmX1Pg0W9jUm3ZJIVlnw557mUwU0JkUszYbtm19DyA0DJ0QxXCgU=
Received: from DM5PR21MB0139.namprd21.prod.outlook.com (10.173.173.14) by DM5PR21MB0857.namprd21.prod.outlook.com (10.173.172.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1143.6; Mon, 10 Sep 2018 22:01:22 +0000
Received: from DM5PR21MB0139.namprd21.prod.outlook.com ([fe80::5c50:1e57:45b5:4dc4]) by DM5PR21MB0139.namprd21.prod.outlook.com ([fe80::5c50:1e57:45b5:4dc4%7]) with mapi id 15.20.1164.006; Mon, 10 Sep 2018 22:01:22 +0000
From: Gabriel Montenegro <Gabriel.Montenegro@microsoft.com>
To: huitema <huitema@huitema.net>, "quic@ietf.org" <quic@ietf.org>
Subject: RE: negotiating Packet Number Protection
Thread-Topic: negotiating Packet Number Protection
Thread-Index: AdRGNFtNHdOO+Z3gRiiFS3eOLSplqgACixwAAARNpYAAAtZIgAATJxSAAAmBNgAAF2EzAACJcfSg
Date: Mon, 10 Sep 2018 22:01:21 +0000
Message-ID: <DM5PR21MB01395E641DD5850501353A8895050@DM5PR21MB0139.namprd21.prod.outlook.com>
References: <DM5PR21MB01393FE7097A16C7A68EA7BE95010@DM5PR21MB0139.namprd21.prod.outlook.com> <CABkgnnViOSQOYeEL4bL_hq6jPDaGR-G+O=A96C78+X4mheWaxg@mail.gmail.com> <0d5fb94c-3a79-ac40-ee12-193d190d4408@huitema.net> <DB6PR10MB1766D14FF9B5C1971B72471DAC000@DB6PR10MB1766.EURPRD10.PROD.OUTLOOK.COM> <CAKcm_gPWf=GZoMr3Nf2k75oRifK51+ZkUbH42-cM2Oa1Smy6Sg@mail.gmail.com> <7CF7F94CB496BF4FAB1676F375F9666A3BB968F3@bgb01xud1012> <e96841a5-4700-c6ac-d853-5a5df63a8667@huitema.net>
In-Reply-To: <e96841a5-4700-c6ac-d853-5a5df63a8667@huitema.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=gmonte@ntdev.microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2018-09-10T22:01:12.7069737Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General
x-originating-ip: [2001:4898:80e8:1:85f7:b558:4309:b439]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR21MB0857; 6:IKAAWzbj4gMhlQroxXCu7e6H/P747dKzhamKmkOBepM6SBYoK5nFAZWp1z/S6oExmUhRu6fDE3yqoprhcP81CVlzCRlYfWZqvzDJulS6QiaL798xl28JG9dejpqEwb7sUaA/GgZtJmN+NiQZK+FAFjenjTU+8FXODoiu1wSxr6Est5HUbrap5YHw06qwWS/RmuLol/Y9AJsEO6VF3jedY2JtNegTje2E6ZV+ailHddEFvXXHZOg8lQOpgsbSaeW9ANIBzYI8C9Cpktofeb3x+Y4p/rIwAFcMHI8tKjQUAJzpyUdALrfLckgyUEUzvXrD5OO1BEbbP8RPLtAUclKAwMQpqtQ7AeO+wN6zpybYoEe2AHHe3LTni3TdKcs/n9DhvUGBtsy4d5YVkMcVBrot9fcKZVZ258H6a/gAdAEzkl3Nsphg7c/50IxXZBzcymmD4g4Fv1cha3rZocG5u1wr/A==; 5:ul1H/cRcrPQRoip4XyIJe/D6VExi3gD1VanjxEiW9WEI6QaLibDPQ5im/TMaTbV3PRjLbwiVH4V+p8BQATF5nITUqRk/rXZPlHfZAtKpmQXIx0s+WBzFk1RjnaxD3cvc6EcvgA1A6T7XmsGprrzuYD7ZJ0rWxgHQO7NwI7qIdW0=; 7:U0MQHmAU8neMVSwA4kwJYd3s71MSTcwHT24uU9EsexJasF2p2Ai4wy1jJ9C0NH4J8TV38i71B7YfySXNNVVgN2BUZ3BIqphT08MAU87ipOZWGf+kMXoE0BfYNBtj74FF2+uWjYG17pVeJTBJmJHB1vagE9m04BOzGjy9gxMK02rk8BRvmIh7xAz2qb4ez2risXX4I3u+b1hIZ7HicHGmXisJNYN6373O1SCW/kFWzG17a/XmGXYNR4YhHq9eE3/Q
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 321ef9e4-e8b9-4e33-0f3c-08d61768f1d5
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989137)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600074)(711020)(4618075)(2017052603328)(7193020); SRVR:DM5PR21MB0857;
x-ms-traffictypediagnostic: DM5PR21MB0857:
x-ld-processed: 72f988bf-86f1-41af-91ab-2d7cd011db47,ExtAddr
x-microsoft-antispam-prvs: <DM5PR21MB0857FC5795578198490353F495050@DM5PR21MB0857.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(278428928389397)(204407124797145)(189930954265078)(85827821059158)(103651359005742)(219752817060721)(127952516941037)(21748063052155);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(93006095)(93001095)(3231344)(944501410)(52105095)(2018427008)(3002001)(10201501046)(6055026)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123562045)(20161123564045)(20161123560045)(201708071742011)(7699050); SRVR:DM5PR21MB0857; BCL:0; PCL:0; RULEID:; SRVR:DM5PR21MB0857;
x-forefront-prvs: 07915F544A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(346002)(376002)(39860400002)(366004)(136003)(51444003)(189003)(199004)(53546011)(256004)(81166006)(81156014)(14444005)(5024004)(97736004)(74316002)(2906002)(229853002)(86612001)(2900100001)(6246003)(86362001)(5660300001)(68736007)(3480700004)(22452003)(25786009)(8936002)(33656002)(316002)(76176011)(5250100002)(2501003)(8676002)(7736002)(7696005)(6506007)(11346002)(55016002)(476003)(10090500001)(106356001)(186003)(446003)(6346003)(6436002)(8990500004)(14454004)(99286004)(790700001)(6116002)(93886005)(110136005)(478600001)(10290500003)(236005)(102836004)(105586002)(72206003)(966005)(6306002)(54896002)(486006)(9686003)(53936002)(606006)(46003); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR21MB0857; H:DM5PR21MB0139.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Gabriel.Montenegro@microsoft.com;
x-microsoft-antispam-message-info: 44vn8bHW5AlUuRIxT8OvBvDU+eE7ig4EmSZIkUtyDL1Krm/zC9lHSGHENFtUzlP4DJRROscsDgDtoB5NUr6EQVaVIjbJ80XdPyvNoJKjaNlW/dxxrXEtMKGfbshzI5BusjzXrOfOOCHgvQsUbMQHiGzDoQqS9WKrj3XPPFF9Y7uV4QGUHouWlgJuh3vjQJMk/WmNP4a+lPX0pd9vCLT6J7apRs4n3kIuR2xoYLbYyT5DDTEEU0eEhCNmmLcJQcjZfSlAXL8VsONoQ2RcAFEmW7sXjDFttXwu10ewya0tZSwE4aN9PUp8zU9okUDaPV2faQHSHuP1EkSfJidtzZUDQKGH5uzV/5/TJEaVsuY6/3c=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_DM5PR21MB01395E641DD5850501353A8895050DM5PR21MB0139namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 321ef9e4-e8b9-4e33-0f3c-08d61768f1d5
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Sep 2018 22:01:21.4251 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR21MB0857
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/LfqSTQ8-LXDC0fFIzZ-F3zVYmpY>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Sep 2018 22:01:42 -0000
Thanks folks for the comments and suggestions. They seem reasonable, namely * relaxing from a MUST NOT to a SHOULD NOT on internet-facing clients * requiring disable_migration as well. New version here: https://tools.ietf.org/html/draft-montenegro-quic-negotiate-pnp-01 Is this simple enough to include in the transport document? Alternatively, it would be great if this could be published as an informational (or experimental) document to make it a stable reference. Thanks, Gabriel From: QUIC <quic-bounces@ietf.org> On Behalf Of Christian Huitema Sent: 7 September, 2018 21:20 To: quic@ietf.org Subject: Re: negotiating Packet Number Protection On the "migration" point. I think that proposing the "no packet number protection" option without also proposing the "migration not supported" option should be treated as a protocol error. -- Christian Huitema On 9/7/2018 10:10 AM, Lucas Pardue wrote: I agree with relaxing the MUST for Internet-facing. There may be some future applications of future versions of QUIC where the benefits of PNP are harder to rationalise (i.e. traceabiity of mutlicasted QUIC packets that share a packet number). Indeed, there may be some other schemes that a benefit from a readble and/or deterministic packet number. However, that's all a long way off. What I like about the extension for the QUIC we have today is that it sets the right frame up for implementations that might want to do things slightly differently. Regards Lucas ________________________________ From: QUIC [quic-bounces@ietf.org<mailto:quic-bounces@ietf.org>] on behalf of Ian Swett [ianswett=40google.com@dmarc.ietf.org<mailto:ianswett=40google.com@dmarc.ietf.org>] Sent: 07 September 2018 13:38 To: Mikkel Fahnøe Jørgensen Cc: Martin Thomson; IETF QUIC WG; Christian Huitema; gabriel.montenegro=40microsoft.com@dmarc.ietf.org<mailto:gabriel.montenegro=40microsoft.com@dmarc.ietf.org> Subject: Re: negotiating Packet Number Protection I agree with Mikkel that the MUST not enable it on the public internet is either too strong or potentially impractical to enforce, so I would be inclined to change that to a SHOULD. I would request that this MUST not be used when voluntary/intentional connection migration is enabled. On Thu, Sep 6, 2018 at 11:30 PM Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com<mailto:mikkelfj@gmail.com>> wrote: The MUST not disable PNP on internet facing nodes is too strong - you want a deployment to be able to move to a new DC while talking to the old DC - although ossification could br a concern, it is not egen limited to quasi stationært use cases. ________________________________ From: QUIC <quic-bounces@ietf.org<mailto:quic-bounces@ietf.org>> on behalf of Christian Huitema <huitema@huitema.net<mailto:huitema@huitema.net>> Sent: Friday, September 7, 2018 4:09:01 AM To: Martin Thomson; Gabriel.Montenegro=40microsoft.com@dmarc.ietf.org<mailto:40microsoft.com@dmarc.ietf.org> Cc: QUIC WG Subject: Re: negotiating Packet Number Protection This draft requests assignment of single byte code point. I would rather not do that know, as we are discussing reserving several consecutive codes for ACK variants and options. Would it be a deal breaker if the option used a longer code? -- Christian Huitema On 9/6/2018 5:05 PM, Martin Thomson wrote: > This is an entirely appropriate use of transport parameters and it > looks like the design works as intended. I tend to think that the > IETF doesn't need to publish this - this sort of extension is why we > have relatively loose registration policies - but I'm happy to have > that conversation at the appropriate time. > On Fri, Sep 7, 2018 at 8:55 AM Gabriel Montenegro > <Gabriel.Montenegro=40microsoft.com@dmarc.ietf.org<mailto:40microsoft.com@dmarc.ietf.org>> wrote: >> Folks, >> >> >> >> We just submitted a draft to negotiate Packet Number Protection. This would allow disabling it in environments (e.g., in a datacenter) where it may no be needed if both sides agree. Browsers, of course, would probably not bother with this. >> >> >> >> https://tools.ietf.org/html/draft-montenegro-quic-negotiate-pnp-00<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-montenegro-quic-negotiate-pnp-00&data=02%7C01%7CGabriel.Montenegro%40microsoft.com%7C82c986f3194048f795e108d615427fd0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636719772700583188&sdata=bwlaL%2FgyUxAxXBl%2BrraKlkCvZKYtxV8i8oI55ijCzK4%3D&reserved=0> >> >> >> >> thanks, >> >> >> >> Gabriel, Nick, Praveen ---------------------------- http://www.bbc.co.uk<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.bbc.co.uk&data=02%7C01%7CGabriel.Montenegro%40microsoft.com%7C82c986f3194048f795e108d615427fd0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636719772700583188&sdata=trJmli6Qlnd3PUJejUnkLP5SUWMuonzJXvIPuFtLt7c%3D&reserved=0> This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. ---------------------
- negotiating Packet Number Protection Gabriel Montenegro
- Re: negotiating Packet Number Protection Martin Thomson
- Re: negotiating Packet Number Protection Christian Huitema
- Re: negotiating Packet Number Protection Mikkel Fahnøe Jørgensen
- Re: negotiating Packet Number Protection Martin Thomson
- Re: negotiating Packet Number Protection Christian Huitema
- Re: negotiating Packet Number Protection Ian Swett
- RE: negotiating Packet Number Protection Praveen Balasubramanian
- RE: negotiating Packet Number Protection Praveen Balasubramanian
- RE: negotiating Packet Number Protection Lucas Pardue
- Re: negotiating Packet Number Protection Christian Huitema
- RE: negotiating Packet Number Protection Gabriel Montenegro
- Re: negotiating Packet Number Protection Christopher Wood
- RE: negotiating Packet Number Protection Gabriel Montenegro
- Re: negotiating Packet Number Protection Lars Eggert
- RE: negotiating Packet Number Protection Gabriel Montenegro